Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Jenkins Project | Jenkins Assembla Plugin | unknown |
|
No data.
No data.
| Vendor | Product | Confidence | Versions | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Jenkins Project | Jenkins Assembla Plugin | 100% |
|
Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 24 Jun 2026 21:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Jenkins Project
Jenkins Project jenkins Assembla Plugin |
|
| Vendors & Products |
Jenkins Project
Jenkins Project jenkins Assembla Plugin |
Wed, 24 Jun 2026 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Missing Permission Check Allows Credential Leakage to External URLs in Jenkins Assembla Plugin |
Wed, 24 Jun 2026 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Missing Permission Check Allows Credential Leakage in Jenkins Assembla Plugin | |
| Weaknesses | CWE-284 |
Wed, 24 Jun 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-862 | |
| Metrics |
cvssV3_1
|
Wed, 24 Jun 2026 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Missing Permission Check Allows Credential Leakage in Jenkins Assembla Plugin | |
| Weaknesses | CWE-284 |
Wed, 24 Jun 2026 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username and password. | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: jenkins
Published:
Updated: 2026-06-24T14:16:18.488Z
Reserved: 2026-06-24T08:41:44.359Z
Link: CVE-2026-57304
Vulnrichment
Updated: 2026-06-24T14:15:16.520Z
NVD
No data.
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-06-24T20:40:53Z